Op-Ed: UK banking cyber-attack test draws attention

Posted Apr 11, 2014 by Simon Crompton
During the last few years, there has been increase in security issues affecting stock markets and investors. Cyber criminals now pose a larger threat to corporate and personal information.
The Air Force Cyberspace Command.
The Air Force Cyberspace Command.
U.S. Air Force photo / Tech. Sgt. Cecilio Ricardo
While governmental reforms have focused on addressing information security, dependence on digital data provides increased illegal access opportunities.
Quite recently, there was an incident at the NYSE, where eastern European hackers targeted personal data from stocks such as Nasdaq OMX Group Inc., J.C Penney Co. and 7-Eleven Inc. The data breach has reportedly resulted in the loss of millions of dollars.
In lieu of this background, analysts and investors have welcomed a recent cyber threat exercise to be performed by the Bank of England. The idea of the test is to prepare financial infrastructure for a sustained threat as mentioned earlier. The model is pretty much an extension of the Quantum Dawn 2 simulation held by Wall Street banks earlier this year.
Operation Waking Shark 2
The simulation program from the Bank of England has been dubbed as the Operation Waking Shark 2 and was put to action on 12th November. The simulation would not be restricted to one bank, but to all major financial institutions in London.
The exercise was overseen by the Bank of England, Treasury and the Financial Conduct Authority. Most importantly, it also monitored how the stock market and related core financial services providers cater to the cyber-attacks.
As per the Financial Conduct Authorities, the areas tested on a priority basis were the resilience of the banks, stock market and payment provider behavior. Simulations varied from liquidity squeeze in wholesale market to communication intrusion.
Analysis of the result of the exercise and its important findings are yet to be concluded.
Global Considerations
The exercise has been welcomed by government as well as the security providing sector. Network visibility securityis emerging as a major deterrent against such attacks, as highlighted by Trend Micro ( on its recent report on cyber attacks against small to medium sized businesses. The report summarizes how the new concept of ‘island hopping’ can compromise the defenses of a business through network intrusions.
Network based intrusion was the major reason behind a breach in the Adobe Systems Inc. on October 3rd. The breach involved data piracy of more than 38 million customer accounts and also had a negative impact on the stock market.
A recent study done on the impact of data breaches and it comparison with stock prices makes an important inference. Data collected from various breaches over the last 10 years indicate that such losses can incur a mean stock price change of 0.39 percent, whereas the mean index price change was 1.04%. Furthermore, the stock market impact on network breaches ranges from a -2.32 percent to -0.728 percent.
The recent focus on cyber threats and the impact that it could have on the company’s position in the market has led to certain acquisitions. For instance, there is the recent case of Akamai Technologies buying Prolexic to beef up its web traffic security. The deal, valued at $370 million, would help Akamai boost its cloud based security solutions.
On a larger level, it is imperative that enterprises prioritize security threats with respect to business operations. Many times during the last few years or so, such issues have dampened the profit potential of an enterprise.